mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
91 lines
3.4 KiB
TypeScript
91 lines
3.4 KiB
TypeScript
import type { CredentialSet } from '../../../src/authentication/Credentials';
|
|
import { CredentialGroup } from '../../../src/authentication/Credentials';
|
|
import { OwnerPermissionReader } from '../../../src/authorization/OwnerPermissionReader';
|
|
import { AclMode } from '../../../src/authorization/permissions/AclPermission';
|
|
import type { AccessMode } from '../../../src/authorization/permissions/Permissions';
|
|
import type { AuxiliaryIdentifierStrategy } from '../../../src/http/auxiliary/AuxiliaryIdentifierStrategy';
|
|
import type { ResourceIdentifier } from '../../../src/http/representation/ResourceIdentifier';
|
|
import type {
|
|
AccountSettings,
|
|
AccountStore,
|
|
} from '../../../src/identity/interaction/email-password/storage/AccountStore';
|
|
|
|
describe('An OwnerPermissionReader', (): void => {
|
|
const owner = 'http://test.com/alice/profile/card#me';
|
|
const podBaseUrl = 'http://test.com/alice/';
|
|
let credentials: CredentialSet;
|
|
let identifier: ResourceIdentifier;
|
|
let modes: Set<AccessMode>;
|
|
let settings: AccountSettings;
|
|
let accountStore: jest.Mocked<AccountStore>;
|
|
let aclStrategy: jest.Mocked<AuxiliaryIdentifierStrategy>;
|
|
let reader: OwnerPermissionReader;
|
|
|
|
beforeEach(async(): Promise<void> => {
|
|
credentials = { [CredentialGroup.agent]: { webId: owner }};
|
|
|
|
identifier = { path: `${podBaseUrl}.acl` };
|
|
|
|
modes = new Set<AccessMode | AclMode>([ AclMode.control ]) as Set<AccessMode>;
|
|
|
|
settings = {
|
|
useIdp: true,
|
|
podBaseUrl,
|
|
clientCredentials: [],
|
|
};
|
|
|
|
accountStore = {
|
|
getSettings: jest.fn(async(webId: string): Promise<AccountSettings> => {
|
|
if (webId === owner) {
|
|
return settings;
|
|
}
|
|
throw new Error('No account');
|
|
}),
|
|
} as any;
|
|
|
|
aclStrategy = {
|
|
isAuxiliaryIdentifier: jest.fn((id): boolean => id.path.endsWith('.acl')),
|
|
} as any;
|
|
|
|
reader = new OwnerPermissionReader(accountStore, aclStrategy);
|
|
});
|
|
|
|
it('returns empty permissions for non-ACL resources.', async(): Promise<void> => {
|
|
identifier.path = podBaseUrl;
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({});
|
|
});
|
|
|
|
it('returns empty permissions if there is no agent WebID.', async(): Promise<void> => {
|
|
credentials = {};
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({});
|
|
});
|
|
|
|
it('returns empty permissions if the agent has no account.', async(): Promise<void> => {
|
|
credentials.agent!.webId = 'http://test.com/someone/else';
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({});
|
|
});
|
|
|
|
it('returns empty permissions if the account has no pod.', async(): Promise<void> => {
|
|
delete settings.podBaseUrl;
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({});
|
|
});
|
|
|
|
it('returns empty permissions if the target identifier is not in the pod.', async(): Promise<void> => {
|
|
identifier.path = 'http://somewhere.else/.acl';
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({});
|
|
});
|
|
|
|
it('returns full permissions if the owner is accessing an ACL resource in their pod.', async(): Promise<void> => {
|
|
await expect(reader.handle({ credentials, identifier, modes })).resolves.toEqual({
|
|
[CredentialGroup.agent]: {
|
|
read: true,
|
|
write: true,
|
|
append: true,
|
|
create: true,
|
|
delete: true,
|
|
control: true,
|
|
},
|
|
});
|
|
});
|
|
});
|